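<?php
	// Admin-side user management: adds a user (next free uid) or deletes one.
	// The caller is identified by the POSTed spesa/speu pair, decoded with
	// $constSalt from public/common.php. The session is started and $sessionId
	// is read, but nothing below checks it — see the TODO.
	session_start();
	$sessionId = isset($_SESSION['sessionId']) ? $_SESSION['sessionId'] : NULL;

	include_once("./public/common.php");   // getPostPara, specialEncode/specialDecode, $constSalt (assumed — confirm)
	include_once("./public/verify.php");
	include_once("./public/opDB.php");     // assumed to open the mysql link $con used by mysql_close() below

	// TODO: verification is still incomplete — the session is never tied to the request.
	// The posted 'uid' used to be read here and then overwritten by the decoded speu
	// value, so it never influenced the script; only $speu decides the uid.
	$spesa = getPostPara('spesa');
	$speu = getPostPara('speu');
	$addUser = getPostPara('addUser');
	$deleteUser = getPostPara('deleteUser');
	$password = getPostPara('password');
	$level = getPostPara('level');

	if ($spesa == NULL || $speu == NULL) {
		echo "fail to verify";
		return false;
	}
	// Decode only once both values are present (the decode previously ran on NULL too).
	$salt = specialDecode($spesa, $constSalt); // not used below; kept in case specialDecode validates — TODO confirm
	$uid = specialDecode($speu, $constSalt);

	if ($addUser == NULL && $deleteUser == NULL) {
		echo "fail to get user info";
		return false;
	}
	// Clamp level to 0..2. The int cast also guarantees that only an integer,
	// never the raw POST string, is concatenated into the INSERT below.
	$level = (empty($level) || intval($level) < 0 || intval($level) > 2) ? 0 : intval($level);

	// Two actions: 'add' assigns max(uid)+1; 'delete' first checks the row exists.
	if ($addUser != NULL && strcmp($addUser, 'add') == 0) {
		// max+1 is not atomic: two concurrent adds can pick the same uid.
		$row = mysql_query('select max(uid) mx from user');
		$res = mysql_fetch_array($row);
		$uid = intval($res['mx']) + 1;
		$hauser = substr(specialEncode($uid, $constSalt), 0, 32);

		// Escape every string value that reaches the statement; uid and level are ints.
		// NOTE(review): the password is stored exactly as received. If public/verify.php
		// compares plaintext, moving to password_hash()/password_verify() needs a
		// matching change there, so it is only flagged here.
		$safePassword = mysql_real_escape_string($password, $con);
		$safeHauser = mysql_real_escape_string($hauser, $con);
		mysql_query('insert into user values(' . $uid . ',"' . $safePassword . '","' . $safeHauser . '",' . $level . ',0)') or die('fail to insert user');
		echo "ok to add";
		mysql_close($con);
	} else if (($deleteUser != NULL) && strcmp($deleteUser, 'delete') == 0) {
		// NOTE(review): $uid is the decoded speu value (the requester's own id), not a
		// posted target uid — confirm this is really the account that should be deleted.
		$uid = intval($uid);
		$res = mysql_query('select uid from user where uid=' . $uid . ' limit 0,1') or die('fail to find');
		$row = mysql_fetch_array($res);
		if (empty($row)) {
			mysql_close($con);
			echo 'fail to find';
			return false;
		}
		mysql_query('delete from user where uid=' . $uid . ' limit 1') or die('fail to delete');
		echo "ok to delete!";
		mysql_close($con);
	} else {
		echo "404";
		return false;
	}

	// Bounce back to the management page, carrying the credential pair in the query.
	// spesa/speu are user-supplied, so they are URL-encoded for the query string and
	// HTML-escaped for the attribute context instead of being echoed raw.
	$backUrl = 'http://127.0.0.1:8080/phctrl/chart/userManage.php?spesa=' . rawurlencode($spesa) . '&speu=' . rawurlencode($speu);
	$backUrlHtml = htmlspecialchars($backUrl, ENT_QUOTES, 'UTF-8');
	echo "<h1>(～￣▽￣)～  success</h1><br/>";
	echo 'you will be back in 1 seconds......<br />';
	echo '<meta http-equiv="Refresh" content="1;url=' . $backUrlHtml . '">';
	echo 'if not return , click here<p></p>';
	echo '<a href="' . $backUrlHtml . '">return</a>';
?>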